Wireless security is enforced at L1, in addition to or in lieu of other layers. APs can switch dynamically from serving to scanning. Scanners listen for authorized frame headers. Scanners either receive, or allow authorized frames to be received, at their destination. Scanners kill unauthorized frames while they are still transmitting; scanners continue listening for and killing unauthorized frame headers until frame ending time demands their return to serving, multiplying their effectiveness. APs include dual-mode multi-frequency omni-directional antennae, used to prevent third parties from snooping messages received at those APs.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method in an access point having a dual-mode antenna for preventing unauthorized messages in a wireless communication network, the method comprising: receiving authorization information from a network controller that identifies devices that are authorized on the network; servicing authorized devices that are connected to the access point; responsive to not servicing authorized devices, switching dynamically to scan for unauthorized devices participating in peer-to-peer communications distinct from the network, comprising: listening to headers of frames including listening to a transmission of a header of a specific frame that comprises a header and a payload with a first portion of the dual-mode antenna, and comparing identification information in the header to the authorization information received; and breaking a payload of the specific frame by disrupting the transmission responsive to determining from the header that the specific frame is associated with an unauthorized device with a second portion of the dual-mode antenna, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value.
2. The method of claim 1, wherein scanning for the unauthorized devices and breaking the payload of the unauthorized devices are implemented within the L1 layer of a network protocol.
3. The method of claim 1, further comprising: receiving frames with a first portion of an antennae; and micro-jamming frames with a second portion of the antennae, substantially concurrently with the step of receiving frames.
4. The method of claim 1, wherein scanning for unauthorized devices comprises scanning for unauthorized devices by listening to frame headers comprises comparing a destination indicator of the frame header with the authentication information from the network controller to determine if a destination device of the frame is authorized.
5. The method of claim 1, wherein scanning for unauthorized devices comprises scanning for unauthorized devices by listening to frame headers comprises comparing a source indicator of the frame header with the authentication information from the network controller to determine if a destination device of the frame is authorized.
6. The method of claim 1, wherein breaking the payload comprises inserting the noise spike into the payload.
7. The method of claim 1, wherein the wireless communication network operates according to an IEEE 802.11 type of standard.
8. The method of claim 1, wherein scanning for unauthorized devices comprises scanning more than one channel for unauthorized devices.
9. The method of claim 1, further comprising: detecting a second access point having a radio signal range within an interference zone for which the access point also has a radio signal range, wherein responsive to not servicing authorized devices, scanning for unauthorized devices comprises responsive to not servicing authorized devices due to the second access point servicing authorized devices within the interference zone, scanning for unauthorized devices.
10. A non-transitory computer readable medium storing source code that, when executed by a processor, performs a method in an access point for preventing unauthorized messages in a wireless communication network, the method comprising: receiving authorization information from a network controller that identifies devices that are authorized on the network; servicing authorized devices that are connected to the access point; responsive to not servicing authorized devices, switching dynamically to scan for unauthorized devices participating in peer-to-peer communications distinct from the network, comprising: listening to headers of frames including listening to a transmission of a header of a specific frame that comprises a header and a payload with a first portion of the dual-mode antenna, and comparing identification information in the header to the authorization information received; and breaking a payload of the specific frame by disrupting the transmission responsive to determining from the header that the specific frame is associated with an unauthorized device with a second portion of the dual-mode antenna, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value.
11. The computer readable medium of claim 10, wherein scanning for the unauthorized devices and breaking the payload of the unauthorized devices are implemented within the L1 layer of a network protocol.
12. The computer readable medium of claim 10, further comprising: receiving frames with a first portion of an antennae; and micro-jamming frames with a second portion of the antennae, substantially concurrently with the step of receiving frames.
13. The computer readable medium of claim 10, wherein scanning for unauthorized devices comprises scanning for unauthorized devices by listening to frame headers comprises comparing a destination indicator of the frame header with the authentication information from the network controller to determine if a destination device of the frame is authorized.
14. The computer readable medium of claim 10, wherein scanning for unauthorized devices comprises scanning for unauthorized devices by listening to frame headers comprises comparing a source indicator of the frame header with the authentication information from the network controller to determine if a destination device of the frame is authorized.
15. The computer readable medium of claim 10, wherein breaking the payload comprises inserting the noise spike into the payload.
16. The computer readable medium of claim 10, wherein the wireless communication network operates according to an IEEE 802.11 type of standard.
17. The computer readable medium of claim 10, wherein scanning for unauthorized devices comprises scanning more than one channel for unauthorized devices.
18. The computer readable medium of claim 10, further comprising: detecting a second access point having a radio signal range within an interference zone for which the access point also has a radio signal range, wherein responsive to not servicing authorized devices, scanning for unauthorized devices comprises responsive to not servicing authorized devices due to the second access point servicing authorized devices within the interference zone, scanning for unauthorized devices.
19. A computer-implemented method in an access point for preventing unauthorized messages in a wireless communications network, the method comprising: servicing authorized devices that are connected to the access point; receiving authorization information from a network controller that identifies devices that are authorized on the wireless communications network; detecting a second access point having a radio signal range within an interference zone for which the access point also has a radio signal range and also in communication with the network controller; not servicing authorized devices for a period of time during which the second access point servicing authorized devices within the interference zone; during the period of time, switching dynamically to scanning for unauthorized devices by listening to headers of frames that each comprise a header and a payload; breaking the payload responsive to determining from the header that a frame is associated with an unauthorized device, wherein breaking the payload comprises inserting a noise spike into the payload to change a checksum value of the frame such that the frame payload no longer matches the checksum value; and switching to return servicing authorized devices after the period of time.
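The two decisions the claims rely on can be modelled in software: classifying a frame from its header alone against the controller's authorization list, and the receiver-side checksum failure once payload bits are disturbed. This is an added illustration, not code from the patent or its assignee; the MAC addresses, the three-address 802.11 data header layout and the bit-inversion model of the noise spike are assumptions, and nothing here touches a radio.

```python
import struct
import zlib

HDR = "<HH6s6s6sH"   # frame control, duration, addr1 (dst), addr2 (src), addr3, seq ctl
HDR_LEN = struct.calcsize(HDR)   # 24 bytes


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample addresses (locally administered), not taken from the page.
AP, STA_A = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:0a")
ROGUE_A, ROGUE_B = mac("02:00:00:00:0b:ad"), mac("02:00:00:00:0b:ae")
AUTHORIZED = {AP, STA_A}   # stands in for the controller's authorization information


def build_frame(dst, src, bssid, payload):
    """Constructed data frame: header + payload + CRC-32 frame check sequence."""
    body = struct.pack(HDR, 0x0008, 0, dst, src, bssid, 0) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def header_verdict(header, authorized):
    """Classify from the header only, as a scanner would before the payload ends."""
    fields = struct.unpack(HDR, header[:HDR_LEN])
    dst, src = fields[2], fields[3]
    if src not in authorized:      # source indicator (claims 5 and 14)
        return "unauthorized-source"
    if dst not in authorized:      # destination indicator (claims 4 and 13)
        return "unauthorized-destination"
    return "authorized"


def fcs_ok(frame):
    """Receiver check: recompute CRC-32 over header+payload, compare to trailer."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def noise_spike(frame, offset, length=2):
    """Simulate the spike as inverted payload bytes; header and FCS stay as sent."""
    start = HDR_LEN + offset
    if start + length > len(frame) - 4:
        raise ValueError("spike must fall inside the payload")
    hit = bytes(b ^ 0xFF for b in frame[start:start + length])
    return frame[:start] + hit + frame[start + length:]


def receiver_view(frame, authorized):
    """Return (verdict, frame accepted by receiver) for one transmitted frame."""
    verdict = header_verdict(frame, authorized)
    on_air = frame if verdict == "authorized" else noise_spike(frame, 4)
    return verdict, fcs_ok(on_air)
```

A 16-bit burst is always caught by CRC-32, so the peer-to-peer frame in this model is discarded by its receiver at the checksum step while the authorized frame passes unchanged.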
November 7, 2011
October 21, 2014